> On 11 Mar 2020, at 00:54, Warren Kumari <war...@kumari.net> wrote:
>
> On Thu, Dec 19, 2019 at 8:28 PM Warren Kumari <war...@kumari.net> wrote:
>>
>> [ Note: CC list edited ]
>>
>> Hi there authors,
>>
>> During the IETF LC Stephane supported the document (an important
>> document, worthy of publication), but noted that:
>> 1: the document only deals with auth servers and that it should be
>> more explicit and
>
> So, finally a new version, but from what I can see, you didn't address
> the above, nor did you add an Acknowledgements section.
Because it isn’t authoritative only. I could add “when test recursive servers
set RD=1 and choose a zone name you know to exist, e.g. the root” for those
test that depend
on the SOA record existing in the reply. There are lots of tests in there that
should give the same result independent of the setting of RD or the QNAME.
Will add
<t>
When testing recursive servers set RD=1 and choose a zone
name that is know to exist and is not being served by the
recursive server. The root zone (".") is often a good
candidate. RD=1, rather than RD=0, should be present in
the responses for all test involving the opcode
QUERY.
</t>
[beetle:~/DNS-Compliance-Testing] marka% ~/DNS-Compliance-Testing/genreport -Rtf
. localhost
. @::1 (localhost.): dns=ok aa=ok ad=ok cd=ok ra=ok rd=ok tc=ok zflag=ok
opcode=ok opcodeflg=ok type666=ok tcp=ok edns=ok edns1=ok edns@512=ok
ednsopt=ok edns1opt=ok do=ok docd=ok edns1do=ok ednsflags=ok
optlist=ok,nsid,cookie+badcookie,subnet ednsnsid=ok,nsid
ednscookie=ok,cookie+badcookie ednsexpire=ok ednssubnet=ok,subnet edns1nsid=ok
edns1cookie=ok edns1expire=ok edns1subnet=ok signed=ok,yes ednstcp=ok A=ok
NS=ok MD=ok MF=ok CNAME=ok SOA=ok MB=ok MG=ok MR=ok NULL=ok WKS=ok PTR=ok
HINFO=ok MINFO=ok MX=ok TXT=ok RP=ok AFSDB=ok X25=ok ISDN=ok RT=ok NSAP=ok
NSAP-PTR=ok SIG=ok KEY=ok PX=ok GPOS=ok AAAA=ok LOC=ok NXT=ok SRV=ok NAPTR=ok
KX=ok CERT=ok A6=ok DNAME=ok APL=ok DS=ok SSHFP=ok IPSECKEY=ok RRSIG=ok NSEC=ok
DNSKEY=ok DHCID=ok NSEC3=ok NSEC3PARAM=ok TLSA=ok SMIMEA=ok HIP=ok CDS=ok
CDNSKEY=ok OPENPGPKEY=ok CSYNC=ok ZONEMD=ok SPF=ok NID=ok L32=ok L64=ok LP=ok
EUI48=ok EUI64=ok URI=ok CAA=ok AVC=ok DOA=ok AMTRELAY=ok TA=ok DLV=ok
TYPE1000=ok
. @127.0.0.1 (localhost.): dns=ok aa=ok ad=ok cd=ok ra=ok rd=ok tc=ok zflag=ok
opcode=ok opcodeflg=ok type666=ok tcp=ok edns=ok edns1=ok edns@512=ok
ednsopt=ok edns1opt=ok do=ok docd=ok edns1do=ok ednsflags=ok
optlist=ok,nsid,cookie+badcookie,subnet ednsnsid=ok,nsid
ednscookie=ok,cookie+badcookie ednsexpire=ok ednssubnet=ok,subnet edns1nsid=ok
edns1cookie=ok edns1expire=ok edns1subnet=ok signed=ok,yes ednstcp=ok A=ok
NS=ok MD=ok MF=ok CNAME=ok SOA=ok MB=ok MG=ok MR=ok NULL=ok WKS=ok PTR=ok
HINFO=ok MINFO=ok MX=ok TXT=ok RP=ok AFSDB=ok X25=ok ISDN=ok RT=ok NSAP=ok
NSAP-PTR=ok SIG=ok KEY=ok PX=ok GPOS=ok AAAA=ok LOC=ok NXT=ok SRV=ok NAPTR=ok
KX=ok CERT=ok A6=ok DNAME=ok APL=ok DS=ok SSHFP=ok IPSECKEY=ok RRSIG=ok NSEC=ok
DNSKEY=ok DHCID=ok NSEC3=ok NSEC3PARAM=ok TLSA=ok SMIMEA=ok HIP=ok CDS=ok
CDNSKEY=ok OPENPGPKEY=ok CSYNC=ok ZONEMD=ok SPF=ok NID=ok L32=ok L64=ok LP=ok
EUI48=ok EUI64=ok URI=ok CAA=ok AVC=ok DOA=ok AMTRELAY=ok TA=ok DLV=ok
TYPE1000=ok
[beetle:~/DNS-Compliance-Testing] marka%
-R set RD=1.
-t test know types
-f full test set (excludes types)
> I'm putting it back in Revised ID needed; please address the comments,
> or I will be forced to send it back to the WG....
>
> W
>
>> 2: that Section 3 is confusing, and that Matt had provided some text
>> which helps make this better --
>> https://mailarchive.ietf.org/arch/msg/dnsop/_Nq8PAVOapIVal2BS7P-jlWmnuc
>>
>> Having reread section 3 (and Matt's suggestions) I agree with Stephane
>> on both of these - I also think that addressing these should be quite
>> easy (I don't think it requires a "restructuring"), especially as Matt
>> has provided suggested text...
>> I'd appreciate if you can address these, and SHOUT LOUDLY once you've
>> had a chance to do so (or let me know how else you'd like to handle
>> this).
>>
>> I also think that it would be worth adding an Acknowledgements section...
>>
>> Thanks,
>> W
>>
>>
>>
>> On Thu, Dec 5, 2019 at 9:00 PM The IESG <iesg-secret...@ietf.org> wrote:
>>>
>>>
>>> The IESG has received a request from the Domain Name System Operations WG
>>> (dnsop) to consider the following document: - 'A Common Operational Problem
>>> in DNS Servers - Failure To Communicate.'
>>> <draft-ietf-dnsop-no-response-issue-14.txt> as Best Current Practice
>>>
>>> The IESG plans to make a decision in the next few weeks, and solicits final
>>> comments on this action. Please send substantive comments to the
>>> last-c...@ietf.org mailing lists by 2019-12-19. Exceptionally, comments may
>>> be sent to i...@ietf.org instead. In either case, please retain the
>>> beginning
>>> of the Subject line to allow automated sorting.
>>>
>>> Abstract
>>>
>>>
>>> The DNS is a query / response protocol. Failing to respond to
>>> queries, or responding incorrectly, causes both immediate operational
>>> problems and long term problems with protocol development.
>>>
>>> This document identifies a number of common kinds of queries to which
>>> some servers either fail to respond or else respond incorrectly.
>>> This document also suggests procedures for zone operators to apply to
>>> identify and remediate the problem.
>>>
>>> The document does not look at the DNS data itself, just the structure
>>> of the responses.
>>>
>>>
>>>
>>>
>>> The file can be obtained via
>>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-no-response-issue/
>>>
>>> IESG discussion can be tracked via
>>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-no-response-issue/ballot/
>>>
>>>
>>> No IPR declarations have been submitted directly on this I-D.
>>>
>>>
>>> The document contains these normative downward references.
>>> See RFC 3967 for additional information:
>>> rfc6840: Clarifications and Implementation Notes for DNS Security
>>> (DNSSEC) (Proposed Standard - IETF stream)
>>> rfc3225: Indicating Resolver Support of DNSSEC (Proposed Standard - IETF
>>> stream)
>>> rfc7766: DNS Transport over TCP - Implementation Requirements (Proposed
>>> Standard - IETF stream)
>>> rfc4035: Protocol Modifications for the DNS Security Extensions
>>> (Proposed Standard - IETF stream)
>>>
>>>
>>>
>>
>>
>> --
>> I don't think the execution is relevant when it was obviously a bad
>> idea in the first place.
>> This is like putting rabid weasels in your pants, and later expressing
>> regret at having chosen those particular rabid weasels and that pair
>> of pants.
>> ---maf
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
> ---maf
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
